// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_CERT_X509_UTIL_MAC_H_
#define NET_CERT_X509_UTIL_MAC_H_

#include <CoreFoundation/CFArray.h>
#include <Security/Security.h>

#include <string>

#include "base/macros.h"
#include "net/base/net_export.h"

namespace net {

namespace x509_util {

    // Creates a security policy for certificates used as client certificates
    // in SSL.
    // If a policy is successfully created, it will be stored in
    // |*policy| and ownership transferred to the caller.
    OSStatus NET_EXPORT CreateSSLClientPolicy(SecPolicyRef* policy);

    // Create an SSL server policy. While certificate name validation will be
    // performed by SecTrustEvaluate(), it has the following limitations:
    // - Doesn't support IP addresses in dotted-quad literals (127.0.0.1)
    // - Doesn't support IPv6 addresses
    // - Doesn't support the iPAddress subjectAltName
    // Providing the hostname is necessary in order to locate certain user or
    // system trust preferences, such as those created by Safari. Preferences
    // created by Keychain Access do not share this requirement.
    // On success, stores the resultant policy in |*policy| and returns noErr.
    OSStatus NET_EXPORT CreateSSLServerPolicy(const std::string& hostname,
        SecPolicyRef* policy);

    // Creates a security policy for basic X.509 validation. If the policy is
    // successfully created, it will be stored in |*policy| and ownership
    // transferred to the caller.
    OSStatus NET_EXPORT CreateBasicX509Policy(SecPolicyRef* policy);

    // Creates security policies to control revocation checking (OCSP and CRL).
    // If |enable_revocation_checking| is true, revocation checking will be
    // explicitly enabled.
    // If |enable_revocation_checking| is false, but |enable_ev_checking| is
    // true, then the system policies for EV checking (which include checking
    // for an online OCSP response) will be permitted. However, if the OS
    // does not believe the certificate is EV, no revocation checking will be
    // performed.
    // If both are false, then the policies returned will be explicitly
    // prohibited from accessing the network or the local cache, regardless of
    // system settings.
    // If the policies are successfully created, they will be appended to
    // |policies|.
    OSStatus NET_EXPORT CreateRevocationPolicies(bool enable_revocation_checking,
        bool enable_ev_checking,
        CFMutableArrayRef policies);

// CSSM functions are deprecated as of OSX 10.7, but have no replacement.
// https://bugs.chromium.org/p/chromium/issues/detail?id=590914#c1
#pragma clang diagnostic push
#pragma clang diagnostic ignored "-Wdeprecated-declarations"

    // Wrapper for a CSSM_DATA_PTR that was obtained via one of the CSSM field
    // accessors (such as CSSM_CL_CertGet[First/Next]Value or
    // CSSM_CL_CertGet[First/Next]CachedValue).
    class CSSMFieldValue {
    public:
        CSSMFieldValue();
        CSSMFieldValue(CSSM_CL_HANDLE cl_handle,
            const CSSM_OID* oid,
            CSSM_DATA_PTR field);
        ~CSSMFieldValue();

        CSSM_OID_PTR oid() const { return oid_; }
        CSSM_DATA_PTR field() const { return field_; }

        // Returns the field as if it was an arbitrary type - most commonly, by
        // interpreting the field as a specific CSSM/CDSA parsed type, such as
        // CSSM_X509_SUBJECT_PUBLIC_KEY_INFO or CSSM_X509_ALGORITHM_IDENTIFIER.
        // An added check is applied to ensure that the current field is large
        // enough to actually contain the requested type.
        template <typename T>
        const T* GetAs() const
        {
            if (!field_ || field_->Length < sizeof(T))
                return NULL;
            return reinterpret_cast<const T*>(field_->Data);
        }

        void Reset(CSSM_CL_HANDLE cl_handle,
            CSSM_OID_PTR oid,
            CSSM_DATA_PTR field);

    private:
        CSSM_CL_HANDLE cl_handle_;
        CSSM_OID_PTR oid_;
        CSSM_DATA_PTR field_;

        DISALLOW_COPY_AND_ASSIGN(CSSMFieldValue);
    };

    // CSSMCachedCertificate is a container class that is used to wrap the
    // CSSM_CL_CertCache APIs and provide safe and efficient access to
    // certificate fields in their CSSM form.
    //
    // To provide efficient access to certificate/CRL fields, CSSM provides an
    // API/SPI to "cache" a certificate/CRL. The exact meaning of a cached
    // certificate is not defined by CSSM, but is documented to generally be some
    // intermediate or parsed form of the certificate. In the case of Apple's
    // CSSM CL implementation, the intermediate form is the parsed certificate
    // stored in an internal format (which happens to be NSS). By caching the
    // certificate, callers that wish to access multiple fields (such as subject,
    // issuer, and validity dates) do not need to repeatedly parse the entire
    // certificate, nor are they forced to convert all fields from their NSS types
    // to their CSSM equivalents. This latter point is especially helpful when
    // running on OS X 10.5, as it will fail to convert some fields that reference
    // unsupported algorithms, such as ECC.
    class CSSMCachedCertificate {
    public:
        CSSMCachedCertificate();
        ~CSSMCachedCertificate();

        // Initializes the CSSMCachedCertificate by caching the specified
        // |os_cert_handle|. On success, returns noErr.
        // Note: Once initialized, the cached certificate should only be accessed
        // from a single thread.
        OSStatus Init(SecCertificateRef os_cert_handle);

        // Fetches the first value for the field associated with |field_oid|.
        // If |field_oid| is a valid OID and is present in the current certificate,
        // returns CSSM_OK and stores the first value in |field|. If additional
        // values are associated with |field_oid|, they are ignored.
        OSStatus GetField(const CSSM_OID* field_oid, CSSMFieldValue* field) const;

    private:
        CSSM_CL_HANDLE cl_handle_;
        CSSM_HANDLE cached_cert_handle_;
    };

#pragma clang diagnostic pop // "-Wdeprecated-declarations"

} // namespace x509_util

} // namespace net

#endif // NET_CERT_X509_UTIL_MAC_H_
